Page 199 - Cyber Defense eMagazine March 2024
P. 199

Cyber Threats and Challenges

            A report by Statista has revealed that in 2020, the healthcare sector in the US suffered the highest number
            of data breaches and compromised records. A total of 599 breaches occurred, affecting 26.4 million
            records. Cyberattacks on healthcare organizations cost an average of $4.99 million, a 13% increase from
            the previous year.

            Some of the most common and dangerous cyber threats and challenges that the  healthcare industry
            faces are:




            Ransomware

            Ransomware is malware that encrypts the victim's data or systems and demands a ransom for their
            decryption. These attacks can severely affect the functioning and services of healthcare organizations,
            as they can prohibit access to critical medical records, devices, and systems. For instance, in September
            2020, a ransomware attack on Universal Health Services, one of the largest hospital chains in the US,
            impacted more than 250 facilities and disrupted patient care for several days.



            Cloud Compromise

            This  attack  exploits  vulnerabilities  or  misconfigurations  within  healthcare  organizations'  cloud-based
            services  or  applications.  When  a  cloud  is  compromised,  it  can  lead  to  data  breaches,  data  loss,  or
            unauthorized access to sensitive information. A real-life example of this happened in July 2019, when a
            cloud-based vendor for American Medical Collection Agency, a billing service provider for healthcare
            organizations, experienced a data breach that exposed the personal and financial data of 20 million
            patients.



            Supply Chain

            Supply  chain  attacks  are  cyber-attacks  aimed  at  third-party  vendors  or  partners  of  healthcare
            organizations who provide software, hardware, or services integrated with their systems or networks.
            These attacks can compromise the security and integrity of healthcare organizations and their data since
            they can introduce malicious code or backdoors into their systems or devices. An example is the massive
            supply chain attack in December 2020, which targeted SolarWinds, a software company that provides
            network management tools to various sectors, including healthcare. This attack affected several federal
            agencies and private companies, exposing their sensitive data and systems.




            Business Email Compromise (BEC)

            BEC  is  a  phishing  attack  where  the  attacker  impersonates  a  legitimate  individual  or  organization  to
            deceive the recipient into acting, such as transferring money or disclosing sensitive information. These




            Cyber Defense eMagazine – March 2024 Edition                                                                                                                                                                                                          199
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   194   195   196   197   198   199   200   201   202   203   204